sec-coding1
[Sharif University CTF, 2016]
- Category: misc
- Points: 100
- Description:
You should fix vulnerabilities of the given source code, WITHOUT changing its normal behaviour.
Write-up
So the task is to fix all vulnerabilities in a given C++ program:

    #include <vector>
    #include <iostream>
    #include <windows.h>
    using namespace std;
    int main() {
        vector<char> str(MAX_PATH);
        cout << "Enter your name: ";
        cin >> str.data();
        cout << "Hello " << str.data() << " :)" << endl;
        return -14;
    }

Pretty short, and pretty obvious what's wrong with this program. str is a vector of char with MAX_PATH entries preallocated. Then the name is read from cin into str.data(), which is a raw pointer to the underlying storage of the vector (aka char*). Through the raw pointer there is no bounds checking and no allocation of additional memory, so a name longer than the buffer is written past its end: a classic buffer overflow. Replacing the vector with a string solves this issue.

    #include <iostream>
    #include <string>
    using namespace std;
    int main()
    {
        //vector<char> str(MAX_PATH);
        string str;
        cout << "Enter your name: ";
        cin >> str;
        cout << "Hello " << str << " :)" << endl;
        return -14;
    }

After submitting the fixed program, we got the flag.
Easy and obvious... at least if you know anything about C/C++. This seems more like a 10-point warm-up challenge than 100 points... well.
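
The string fix removes the overflow, but cin >> str then accepts a token of any length. As an added example (not part of the original write-up or of the challenge's own solution), this variant caps the read at MAX_PATH - 1 characters, the longest name the original buffer could hold. The names read_name, greeting, greet_from and kMaxPath are hypothetical, and MAX_PATH is assumed to be 260 as in the Windows headers.

```cpp
#include <cctype>
#include <cstddef>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>

// Assumption: MAX_PATH is 260 in the Windows headers; defined here so the
// example builds without <windows.h>.
constexpr std::size_t kMaxPath = 260;

// Hypothetical helper: reads one token, keeps at most max_len characters.
bool read_name(std::istream& in, std::string& name,
               std::size_t max_len = kMaxPath - 1) {
    // For std::string, operator>> appends at most width() characters when
    // width() > 0, so setw caps how much memory one token can consume.
    if (!(in >> std::setw(static_cast<int>(max_len)) >> name)) {
        name.clear();
        return false;  // EOF or stream error before any token
    }
    // Discard the rest of an over-long token so it is not read as new input.
    while (in.good()) {
        const int c = in.peek();
        if (c == std::char_traits<char>::eof() || std::isspace(c)) break;
        in.ignore();
    }
    return true;
}

// Same output format as the program in the write-up.
std::string greeting(const std::string& name) {
    return "Hello " + name + " :)";
}

// Runs the read on constructed input instead of std::cin.
std::string greet_from(const std::string& raw_input) {
    std::istringstream in(raw_input);
    std::string name;
    read_name(in, name);
    return greeting(name);
}

int main() {
    std::string name;
    std::cout << "Enter your name: ";
    read_name(std::cin, name);
    std::cout << greeting(name) << std::endl;
    return -14;  // exit status kept from the original program
}
```

Names that fit in the original buffer produce the same output as before; only longer input is truncated.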